Annex 4 to DPA

Third party subcontractors

 

The following list contains all of the subcontractors that WeVideo uses which collects user data.

At minimum, policies/DPAs with our subcontractors must be reviewed annually to ensure they continue to meet our privacy requirements.

 

Name Purpose Collected Data
Contains Student Data?
Amazon Web Services

Infrastructure and functionality for WeVideo. App server, file storage, database, delivery and more.

Name, email address, device metadata (ip address), user generated content

Yes

Hubspot

CRM & Email campaigns (including incident response)

Name, email address, marketing related usage tracking.

No, students are opted out.

Mixpanel

Analytics

Email address (if not student), user activity within application (features used, etc)

No, anonymized data.

Zendesk

Customer Support

Email address, and anything the user opts into

No, unless student opts in.

Google Analytics

Analytics

Device metadata (ip address)

No

Google Tag Manager (facebook, bing, linkedin, pinterest, twitter, yandex, disqus, addthis, doubleclick.net)

Managing cookies

Device metadata (ip address)

No

Fullstory

Analytics

User session activity

No

PayPal

Handling self service (non purchase order) subscriptions.

PCI compliant data for processing payment and managing subscription (email address, payment info)

No (unless user signs up for non EDU personal plan)

Stripe

Handling self service (non purchase order) subscriptions. Credit card payments for POs.

PCI compliant data for processing payment and managing subscription (email address, payment info)

No (unless user signs up for non EDU personal plan)

Baremetrics

Payment analysis, expired card notification

Email address

No (unless user signs up for non EDU personal plan)

Salesforce

CRM software

Information on leads, quotes

No

TrackJS

Error tracking

Error logs (anonymized)

No

sentry.io

Error tracking

Error logs (anonymized)

No

Google Play Store

Handling self service (non purchase order) Android subscriptions.

PCI compliant data for processing payment and managing subscription (email address, payment info)

No (unless user signs up for non EDU personal plan)

Apple App store

Handling self service (non purchase order) iOS subscriptions.

PCI compliant data for processing payment and managing subscription

No (unless user signs up for non EDU personal plan)

Storyblocks

Stock media library

Media usage

No

Impact

Affiliate program

 

No

 

 

Non user facing (user will never be subject to this via any cookie, visit or app etc, but could contain data for example if it was breached)

 

Name

Purpose

Collected Data

Google Workplace (Alphabet)

Enterprise solution (email, etc)

Potentially PII is stored here from email communication or perhaps forms/documents in Drive

Atlassian

Development and issue tracker

Generally userid’s are used here instead of PII, but there are cases where it is relevant and could be exposed in a breach.

Slack

Company communication

Potentially PII is stored here from chat communication.

Github

Code hosting platform for version control and collaboration

Very unlikely there is any PII here but it’s good to mention.

Tableu

Data visualization and data analytics tool

BI

Intacct

Accounting software

Invoice information, accounts receivable/payable contact (email address)

Groove

Salesforce email add on that holds customer and lead information

PII like names, emails etc

 

Change Notification Request